From 9d762534104058f03de26d57b96763f9cb197516 Mon Sep 17 00:00:00 2001 From: Wayback Archiver <66856220+waybackarchiver@users.noreply.github.com> Date: Tue, 13 Feb 2024 15:45:04 +0000 Subject: [PATCH 1/4] super-linter: fix permission --- .github/workflows/reusable-super-linter.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/reusable-super-linter.yml b/.github/workflows/reusable-super-linter.yml index d750234..7f7780f 100644 --- a/.github/workflows/reusable-super-linter.yml +++ b/.github/workflows/reusable-super-linter.yml @@ -29,6 +29,9 @@ permissions: jobs: super-linter: runs-on: ubuntu-latest + permissions: + packages: read + statuses: write steps: - name: Harden Runner uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 @@ -67,9 +70,6 @@ jobs: VALIDATE_DOCKERFILE: true VALIDATE_BASH: true GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - permissions: - packages: read - statuses: write - name: Lint Code Base uses: super-linter/super-linter@ff5037c06042e564803502feb97f8a686f3b0171 # v6.0.0 From 3663b258a7ab3a0a96fe2748037972fc2302e83b Mon Sep 17 00:00:00 2001 From: Wayback Archiver <66856220+waybackarchiver@users.noreply.github.com> Date: Tue, 13 Feb 2024 15:53:34 +0000 Subject: [PATCH 2/4] super-linter: fix permission --- .github/workflows/reusable-super-linter.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/reusable-super-linter.yml b/.github/workflows/reusable-super-linter.yml index 7f7780f..a8cfab6 100644 --- a/.github/workflows/reusable-super-linter.yml +++ b/.github/workflows/reusable-super-linter.yml @@ -25,13 +25,12 @@ on: permissions: contents: read + packages: read + statuses: write jobs: super-linter: runs-on: ubuntu-latest - permissions: - packages: read - statuses: write steps: - name: Harden Runner uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 
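Review bot: The job-level `permissions:` block added under `super-linter:` names only `packages: read` and `statuses: write`, and a job-level block replaces the workflow-level one instead of merging with it, so every scope not listed there, including `contents`, becomes `none` for this job. The workflow-level `contents: read` visible as context in PATCH 2/4 therefore does not reach this job; add `contents: read` to the job block so a repository checkout in this job keeps working on private repositories. PATCH 4/4 re-adds the same block in its `@@ -25,12 +25,13 @@` hunk with the same omission. The `steps:` list continues outside the hunk, so whether the job checks out code is inferred, not visible. If this file is called as a reusable workflow, as its name suggests, the caller's token permissions still cap whatever is declared here.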
From fdf68835445d057783af8f27e6c7803d54f16474 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 13 Feb 2024 15:54:13 +0000 Subject: [PATCH 3/4] chore(deps): update github/codeql-action action to v2.24.1 --- .github/workflows/reusable-codeql.yml | 6 +++--- .github/workflows/reusable-scorecards.yml | 2 +- .github/workflows/reusable-trivy.yml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/reusable-codeql.yml b/.github/workflows/reusable-codeql.yml index e245813..312a111 100644 --- a/.github/workflows/reusable-codeql.yml +++ b/.github/workflows/reusable-codeql.yml @@ -62,7 +62,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@f0a12816612c7306b485a22cb164feb43c6df818 # v2.11.2 + uses: github/codeql-action/init@1a077f8f6c71a45340c26ca0b877e00459e5f443 # v2.24.1 with: languages: ${{ inputs.language }} config-file: ${{ inputs.config-file }} @@ -74,7 +74,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@f0a12816612c7306b485a22cb164feb43c6df818 # v2.11.2 + uses: github/codeql-action/autobuild@1a077f8f6c71a45340c26ca0b877e00459e5f443 # v2.24.1 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -88,5 +88,5 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f0a12816612c7306b485a22cb164feb43c6df818 # v2.11.2 + uses: github/codeql-action/analyze@1a077f8f6c71a45340c26ca0b877e00459e5f443 # v2.24.1 diff --git a/.github/workflows/reusable-scorecards.yml b/.github/workflows/reusable-scorecards.yml index 27d19d5..e682d34 100644 --- a/.github/workflows/reusable-scorecards.yml +++ b/.github/workflows/reusable-scorecards.yml 
@@ -101,7 +101,7 @@ jobs: path: results.sarif - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898 # v2.1.31 + uses: github/codeql-action/upload-sarif@1a077f8f6c71a45340c26ca0b877e00459e5f443 # v2.24.1 with: sarif_file: results.sarif diff --git a/.github/workflows/reusable-trivy.yml b/.github/workflows/reusable-trivy.yml index 673ea94..f31bfbc 100644 --- a/.github/workflows/reusable-trivy.yml +++ b/.github/workflows/reusable-trivy.yml @@ -86,7 +86,7 @@ jobs: path: '${{ inputs.sarif }}' - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898 # v2.1.31 + uses: github/codeql-action/upload-sarif@1a077f8f6c71a45340c26ca0b877e00459e5f443 # v2.24.1 with: sarif_file: '${{ inputs.sarif }}' @@ -143,7 +143,7 @@ jobs: path: '${{ inputs.sarif }}' - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898 # v2.1.31 + uses: github/codeql-action/upload-sarif@1a077f8f6c71a45340c26ca0b877e00459e5f443 # v2.24.1 with: sarif_file: '${{ inputs.sarif }}' From 2b71c3c3eb4ae6e7297662271569e4d91b872fbd Mon Sep 17 00:00:00 2001 From: Wayback Archiver <66856220+waybackarchiver@users.noreply.github.com> Date: Tue, 13 Feb 2024 15:56:48 +0000 Subject: [PATCH 4/4] super-linter: fix permission --- .github/workflows/reusable-super-linter.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/reusable-super-linter.yml b/.github/workflows/reusable-super-linter.yml index a8cfab6..1fc59cf 100644 --- a/.github/workflows/reusable-super-linter.yml +++ b/.github/workflows/reusable-super-linter.yml @@ -25,12 +25,13 @@ on: permissions: contents: read - packages: read - statuses: write jobs: super-linter: runs-on: ubuntu-latest + permissions: + packages: read + statuses: write steps: - name: Harden Runner uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v2.2.1 
@@ -79,6 +80,3 @@ jobs: VALIDATE_DOCKERFILE: true VALIDATE_BASH: true GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - permissions: - packages: read - statuses: write